File syncing and sharing service Dropbox boasts over 25 million happy users who use the service to share or synchronize files and folders between multiple computers. Yesterday, Dropbox explained that they had pushed a code update that accidentally disabled their password authentication system. Normally you need an email address and password to access any account, but yesterday the change left every Dropbox account unlocked, meaning only an email address was required to get access to any user’s files.

According to a post at the Dropbox blog, the issue started at 1:54pm Pacific during a code update, and the team discovered the problem four hours later at 5:41pm Pacific. They immediately fixed the error and had the issue resolved by 5:46pm Pacific.

According to Dropbox, a very small number of users – less than 1 percent of their total user base – logged in during that period, some of whom could have been users trying to log in to someone else’s account. We know from yesterday’s report at Pastebin that users discovered the issue first, including Christopher Soghoian, the security researcher who filed a complaint with the FTC about Dropbox last month. The problem, as he and others have stated, with claiming that “a very small number” of users, or that “only 1%” of the user base was affected, is that 1% of all Dropbox users is still over 250,000 people.

To their credit, Dropbox immediately logged out all users who had logged in during the hours when authentication was disabled. This forced users whose accounts may have been compromised to properly authenticate to the service to get back in. They also promised to keep an eye on account activity and warn users if they observe anything out of the ordinary. As of early this morning, the company has already reached out to that 1% to let them know that their accounts were the ones impacted.

In the end, the obscurity of the issue (and the fact that no one knew about it until it was resolved) served Dropbox well and kept the problem from growing to an uncontrollable scale. Some users, however, are still incensed that Dropbox didn’t notify them immediately when they discovered the authentication problem.

One look at the forums and you can tell that Dropbox users have had their faith in the service shaken by the issue, and many worry about their security going forward. Regardless, the service is back to normal now and Dropbox says the issue is completely resolved.